CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2019-1010142
https://notcve.org/view.php?id=CVE-2019-1010142
19 Jul 2019 — scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. scapy 2.4.0 está afectado por: Denegación de Servicio. El impacto es: bucle infinito, consumo de recursos y programa sin responder. • http://www.securityfocus.com/bid/106674 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1010065
https://notcve.org/view.php?id=CVE-2019-1010065
18 Jul 2019 — The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. • https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 1CVE-2019-13619
https://notcve.org/view.php?id=CVE-2019-13619
17 Jul 2019 — In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. En Wireshark versiones 3.0.0 hasta 3.0.2, versiones 2.6.0 hasta 2.6.9 y versiones 2.4.0 hasta 2.4.15, el disector ASN.1 BER y los disectores relacionados podrían bloquearse. Esto se abordó en el archivo epan/asn1.c mediante la restricción apropiada de los incrementos del búfer. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 85%CPEs: 9EXPL: 0CVE-2019-9848 – libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
https://notcve.org/view.php?id=CVE-2019-9848
17 Jul 2019 — LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silen... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 6%CPEs: 9EXPL: 1CVE-2019-9849 – libreoffice: Remote resources protection module not applied to bullet graphics
https://notcve.org/view.php?id=CVE-2019-9849
17 Jul 2019 — LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. LibreOffice presenta un "stealth mode" en el que solo los... • https://github.com/mbadanoiu/CVE-2019-9849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10191 – Ubuntu Security Notice USN-7047-1
https://notcve.org/view.php?id=CVE-2019-10191
16 Jul 2019 — A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. Se detectó una vulnerabilidad en la resolución de DNS de knot resolver anteriores a la versión 4.1.0, que permite a los atacantes remotos degradar los dominios seguros de DNSSEC a un estado no seguro de DNSSEC, abriendo la posibilidad de un secuestro de ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10190 – Ubuntu Security Notice USN-7047-1
https://notcve.org/view.php?id=CVE-2019-10190
16 Jul 2019 — A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. Se detectó una vulnerabilidad en el componente de resolución de DNS de knot resolver hasta la versión 3.2.0 anterior ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1010057 – Gentoo Linux Security Advisory 202003-17
https://notcve.org/view.php?id=CVE-2019-1010057
16 Jul 2019 — nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. nfdump versiones 1.6.16 y anteriores están afectados por: Desbordamiento de búfer. • https://github.com/phaag/nfdump/issues/104 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 45%CPEs: 9EXPL: 4CVE-2019-13115 – libssh2 1.8.2 Out-Of-Bounds Read
https://notcve.org/view.php?id=CVE-2019-13115
16 Jul 2019 — In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as ... • https://packetstorm.news/files/id/172834 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 4%CPEs: 23EXPL: 1CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
16 Jul 2019 — SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing s... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html • CWE-125: Out-of-bounds Read •